Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

Host has installed 4.3.11-dev

Geoff Berrow
Guest
  
Posts: n/a
#1: Jul 17 '05
The host of one of the domains I manage has installed 4.3.11-dev and as
a result file uploads no longer work with Internet Explorer.

Worth keeping an eye out for.

In the meantime I now need to ask why they have installed a development
version on a production server...
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Andy Hassall
Guest
  
Posts: n/a
#2: Jul 17 '05

re: Host has installed 4.3.11-dev

On Tue, 15 Feb 2005 00:12:55 +0000, Geoff Berrow <blthecat@ckdog.co.uk> wrote:
[color=blue]
>The host of one of the domains I manage has installed 4.3.11-dev and as
>a result file uploads no longer work with Internet Explorer.
>
>Worth keeping an eye out for.
>
>In the meantime I now need to ask why they have installed a development
>version on a production server...[/color]

Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
- Help!!" starting with message-id
<420a2072$0$74059$ed2619ec@ptn-nntp-reader03.plus.net> on alt.php - same issue,
same syptoms. Same host?

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Geoff Berrow
Guest
  
Posts: n/a
#3: Jul 17 '05

re: Host has installed 4.3.11-dev

I noticed that Message-ID: <prh2115pe5j8h6jc42mrehar1cq86qro1g@4ax.com>
from Andy Hassall contained the following:
[color=blue][color=green]
>>In the meantime I now need to ask why they have installed a development
>>version on a production server...[/color]
>
> Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
>- Help!!" starting with message-id
><420a2072$0$74059$ed2619ec@ptn-nntp-reader03.plus.net> on alt.php - same issue,
>same syptoms. Same host?[/color]

Yes, it is, Fasthosts. And if they don't bloody well change it, I'm
going to be mentioning it a lot. I wouldn't use them but my client has
an account with them. They have PHP on their windoze boxes, but no GD
functions so we had to pay more to go onto a Linux box.

The annoying thing is that I had been doing some modifications to the
code and only noticed while I was testing. Naturally, I thought I had
screwed up and it took an hour and a half of further testing before I
came to the conclusion that t wasn't me. Grrrr...

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Geoff Berrow
Guest
  
Posts: n/a
#4: Jul 17 '05

re: Host has installed 4.3.11-dev

I noticed that Message-ID: <aef21192io4fl6h6mfr127ork1ddpgn3il@4ax.com>
from Geoff Berrow contained the following:
[color=blue]
>The host of one of the domains I manage has installed 4.3.11-dev and as
>a result file uploads no longer work with Internet Explorer.[/color]

The host in question is Fasthosts in the UK.

The problem exists in Internet Explorer
$_FILE['userfile']['name'] contains the full path to the file.

It can be corrected by adding the lines
$fname = $_FILES['userfile']['name'];
$filename=substr(strrchr($fname,"\\"),1);

and then replacing $_FILES['userfile']['name'] with $filename wherever
it occurs.


Support have stated that they have installed this version for security
reasons. Anyone know anything about this?


Crossposted to alt.php,alt.comp.lang.php,uk.net.web.authoring
Follow-ups to comp.lang.php

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
NC
Guest
  
Posts: n/a
#5: Jul 17 '05

re: Host has installed 4.3.11-dev

Geoff Berrow wrote:[color=blue]
>
> The host of one of the domains I manage has installed 4.3.11-dev
> ...
> Support have stated that they have installed this version for[/color]
security[color=blue]
> reasons. Anyone know anything about this?[/color]

Most likely, this is overkill. There was indeed a security
advisory about PHP <= 4.3.9 and PHP <= 5.0.2:

http://www.hardened-php.net/advisories/012004.txt

But the recommendation was to upgrade to stable PHP 4.3.10.
Why a hosting company would want to upgrade to a development
version is beyond me...

Cheers,
NC
Geoff Berrow
Guest
  
Posts: n/a
#6: Jul 17 '05

re: Host has installed 4.3.11-dev

I noticed that Message-ID:
<1108495098.615467.8040@o13g2000cwo.googlegroups.c om> from NC contained
the following:
[color=blue][color=green]
>> reasons. Anyone know anything about this?[/color]
>
>Most likely, this is overkill. There was indeed a security
>advisory about PHP <= 4.3.9 and PHP <= 5.0.2:
>
>http://www.hardened-php.net/advisories/012004.txt
>
>But the recommendation was to upgrade to stable PHP 4.3.10.
>Why a hosting company would want to upgrade to a development
>version is beyond me...[/color]


The advisory says:

Recommendation:

It is strongly recommended to upgrade to the new PHP-Releases as
soon as possible, ...

But I agree with you, it does seem clueless to run development software
on a production server. Who knows what other vulnerabilities the dev
software may have?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Andy Hassall
Guest
  
Posts: n/a
#7: Jul 17 '05

re: Host has installed 4.3.11-dev

On Tue, 15 Feb 2005 11:25:41 +0000, Geoff Berrow <blthecat@ckdog.co.uk> wrote:
[color=blue]
>I noticed that Message-ID: <aef21192io4fl6h6mfr127ork1ddpgn3il@4ax.com>
>from Geoff Berrow contained the following:
>[color=green]
>>The host of one of the domains I manage has installed 4.3.11-dev and as
>>a result file uploads no longer work with Internet Explorer.[/color]
>
>The host in question is Fasthosts in the UK.
>
>The problem exists in Internet Explorer
>$_FILE['userfile']['name'] contains the full path to the file.
>
>It can be corrected by adding the lines
>$fname = $_FILES['userfile']['name'];
>$filename=substr(strrchr($fname,"\\"),1);
>
>and then replacing $_FILES['userfile']['name'] with $filename wherever
>it occurs.
>
>Support have stated that they have installed this version for security
>reasons. Anyone know anything about this?[/color]

Changelog for 4.3.11-dev has a couple of possibly bad bugs in it, but nothing
jumps out as worth upgrading to a development version on a live server.

Some memory leaks and some safe_mode issues.


?? ??? ????, Version 4.3.11
- Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
- Changed phpize not to require libtool. (Jani)
- Fixed several egregious leaks in ext/browscap and sapi/embed. (Andrei)
- Fixed several leaks in ext/filepro. (Tony)
- Fixed build system to always use bundled libtool files. (Jani)
- Fixed MacOSX shared extensions crashing on Apache startup. (Rasmus)
- Fixed bug #31936 (set_h_errno() is redefined incompatibly). (Jani)
- Fixed bug #31858 (--disable-cli does not force --without-pear). (Jani)
- Fixed bug #31842 (*date('r') does not return RFC2822 conforming date string).
(Jani)
- Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia)
- Fixed bug #31796 (readline completion handler does not handle empty return
values). (Ilia)
- Fixed bug #31754 (dbase_open() fails for mode = 1). (Mehdi, Derick)
- Fixed bug #31705 (parse_url() does not recognize http://foo.com#bar). (Ilia)
- Fixed bug #31684 (dio_tcsetattr(): misconfigured termios settings).
(elod at itfais dot com)
- Fixed bug #31699 (unserialize() float problem on non-English locales). (Ilia)
- Fixed bug #31623 (OCILogin does not support password grace period).
(daniel dot beet at accuratesoftware dot com, Tony)
- Fixed bug #31580 (fgetcsv() problematic with "" escape sequences). (Ilia)
- Fixed bug #31527 (crash in msg_send() when non-string is stored without
being serialized). (Ilia)
- Fixed bug #31514 (open_basedir uses path_translated rather then cwd for .
translation). (Ilia)
- Fixed bug #31480 (Possible infinite loop in imap_mail_compose()). (Ilia)
- Fixed bug #31479 (Fixed crash in chunk_split(), when chunklen > strlen).
(Ilia)
- Fixed bug #31465 (False warning in unpack() when working with *). (Ilia)
- Fixed bug #31454 (session_set_save_handler crashes PHP when supplied
non-existent object ref). (Tony)
- Fixed bug #31444 (Memory leak in zend_language_scanner.c).
(hexer at studentcenter dot org)
- Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms). (Joe)
- Fixed bug #31396 (compile fails with gd 2.0.33 without freetype). (Jani)
- Fixed bug #31371 (highlight_file() trims new line after heredoc). (Ilia)
- Fixed bug #31270 (missing safe_mode/open_basedir check in swf_openfile()).
(Ilia)
- Fixed bug #31174 (compile warning in url.c). (Ilia, lukem at NetBSD dot org)
- Fixed bug #31159 (COM object access is not working). (Wez)
- Fixed bug #31142 (imap_mail_compose() fails to generate correct output).
(Ilia)
- Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get
cutoff).
(Ilia)
- Fixed bug #31120 (mssql_query returns false on successfull inserts and
stored procedures). (Frank)
- Fixed bugs #31107, #31110, #31111 (Compile failure of zend_strtod.c). (Jani)
- Fixed bug #31106 (Fixed crash in overloaded objects). (Stas)
- Fixed bug #31103 (Better error message when c-client cannot be found). (Ilia)
- Fixed bug #31101 (missing kerberos header file path with --with-openssl).
(Jani)
- Fixed bug #31072 (var_export() does not output an array element with an empty
string key). (Derick)
- Fixed bug #31060 (imageftbbox() does not use linespacing parameter). (Jani)
- Fixed bug #31056 (php_std_date() returns invalid formatted date if
y2k_compliance is On). (Ilia)
- Fixed bug #31055 (apache2filter: per request leak proportional to the full
path of the request URI). (kameshj at fastmail dot fm)
- Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
- Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
- Fixed bug #30430 (odbc_next_result() doesn't bind values and that results
in segfault). (pdan-php at esync dot org, Tony)
- Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many
parameters). (Jani)
- Fixed bug #29733 (printf() handles repeated placeholders wrong).
(bugs dot php dot net at bluetwanger dot de, Ilia)
- Fixed bug #28976 (mail(): use "From:" from headers if sendmail_from is
empty).
(Jani)
- Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
(eggert at gnu dot org)
- Fixed bug #28804 (ini-file section parsing pattern is buggy).
(wendland at scan-plus dot de)
- Fixed bug #28451 (corupt EXIF headers have unlimited recursive IFD directory
entries). (Andrei)
- Fixed bug #28086 (crash inside overload() function). (Tony)
- Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
(chris at ex-parrot dot com)
- Fixed bug #7782 (Cannot use PATH_INFO fully with php isapi). (Unknown)

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,510 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved